

Detected May 24 2011 06:08 GMT
Released May 24 2011 17:05 GMT
Published Aug 08 2011 12:37 GMT


Technical Details

A Trojan program that performs malicious activities on the user’s system. It is a Windows PE64 DLL file, 83968 bytes in size, written in C++.


Installation in the system and creation of the initial conditions for running this trojan are performed by other malicious programs.


The program terminates its execution if the name of the account under which it is running is different from:

The trojan allows access to the infected system and has a number of commands for manipulating (searching, creating, moving, deleting) files and folders, downloading and running files, terminating processes and logging out of the system. The trojan also creates a SOCKS5 proxy server on any port. The trojan sends a notification of infection to an address that is stored in encrypted form in the registry key:

Removal instructions

If your computer does not have an antivirus, and is infected by this malicious program, follow the instructions below to delete it:

  1. Reboot the computer in “Safe Mode” (at the beginning of system boot, press and hold «F8», then select «Safe Mode» from the Windows boot menu).
  2. Delete the original malicious file (the location on the infected computer will depend on how the program originally penetrated the victim machine).
  3. Perform a full scan of the computer using Kaspersky Anti-Virus with up-to-date antivirus databases (download a trial version).
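
Because the trojan described under Technical Details opens a SOCKS5 proxy on an arbitrary port, a useful check after cleanup is whether any local listening port still answers a SOCKS5 greeting. The following is an added example, not part of the original description; the function names are hypothetical, the port list is assumed to come from the administrator (for example from `netstat -ano`), and it assumes the listener answers a standard RFC 1928 greeting, which the description does not confirm.

```python
import socket
import sys

# RFC 1928 method-selection request: VER=5, NMETHODS=2,
# offering 0x00 (no authentication) and 0x02 (username/password).
GREETING = b"\x05\x02\x00\x02"
# Replies a compliant server can give to that offer (0xFF = none acceptable).
VALID_METHODS = (0x00, 0x02, 0xFF)


def is_socks5_reply(data: bytes) -> bool:
    """True if data is a well-formed two-byte SOCKS5 method-selection reply."""
    return len(data) == 2 and data[0] == 0x05 and data[1] in VALID_METHODS


def probe_socks5(port: int, host: str = "127.0.0.1", timeout: float = 2.0) -> bool:
    """Send the greeting to host:port and report whether the reply is SOCKS5."""
    data = b""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(GREETING)
            # recv() may return fewer bytes than requested, so read until
            # two bytes have arrived or the peer closes the connection.
            while len(data) < 2:
                chunk = s.recv(2 - len(data))
                if not chunk:
                    break
                data += chunk
    except OSError:
        # Closed port, reset, or timeout: not a SOCKS5 listener we can confirm.
        return False
    return is_socks5_reply(data)


def find_socks5_listeners(ports, host: str = "127.0.0.1"):
    """Return the subset of ports on host that answer as SOCKS5 servers."""
    return [p for p in ports if probe_socks5(p, host)]


if __name__ == "__main__":
    # Usage: python socks5_check.py 1080 8081 49731 ...
    candidates = [int(arg) for arg in sys.argv[1:]]
    for port in find_socks5_listeners(candidates):
        print(f"port {port} speaks SOCKS5; identify the owning process")
```

A positive result only shows that the port speaks SOCKS5; the owning process still has to be identified before attributing it to this trojan.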


This type of behaviour covers malicious programs that delete, block, modify, or copy data, disrupt computer or network performance, but which cannot be classified under any of the behaviours identified above.

This classification also covers “multipurpose” Trojan programs, i.e. those that are capable of conducting several actions at once and which demonstrate several Trojan behaviours in a single program. This means they cannot be indisputably classified as having any single behaviour.
